Privacy Policy
Introduction
At IM Projects, S.L. (“IM PROJECTS”, “we/us”, “Company”) we offer business software solutions for varied sectors such as Retail, Hospitality, Food and more.
We are committed to protecting the privacy of all users (“You/r”, the “User”) of our website www.im-projects.com (the “Website”) and App Services (“App Services”).This Privacy Policy explains our practices regarding the use of personal data collected and processed through our Website and App Services acting as Data Controller. Furthermore, in Annex I “DPA”, we explain how we process data collected through App Services acting as Data Processor.
Summary
We collect certain personal data for the purpose of communicating with you and offering and providing our Services. We maintain the security and confidentiality of your data in accordance with the applicable law and we do not disclose your personal data except as required to provide our Services.
By completing and submitting your personal data to IM PROJECTS via any online Contact form, you declare to have read and accepted the terms of this Privacy Policy and Annex I “DPA”. Without prejudice to the foregoing, you expressly and unequivocally consent to the collection and processing of your personal data (as identified below) by us in accordance with the indicated purposes.
Please read the text below carefully for the full details of this Privacy Policy.
1. GENERAL INFORMATION ABOUT US
The entity responsible for your data is IM Projects, SL., with CIF Number B63349559, domiciled at C/ Vallespir, 19 – 5th Floor Module 1 (08173) Sant Cugat del Vallés, Barcelona, Spain. All communications regarding the processing of your personal data shall be directed to privacy@im-projects.com.
2. DATA PROCESSED THROUGH USING THE WEBSITE
The following data is processed by IM Projects as Data Controller
| Data collected | Legitimate basis | Purpose |
|---|---|---|
| Navigation: Due to internet communication standards, when you visit our Website we automatically receive the URL of the site you came from and the site you visit when you leave our website. We also receive the Internet Protocol (“IP”) address of your computer and the type of browser you are using. We use this information to analyze overall trends to improve the service. This information is not shared with third parties without your consent | Legitimate interest /Express consent | Understand our web users and improve our Website. |
| Contact forms: When you contact Us by the contact form, email or similar communication means, we will collect the following information: name, surname, email address and the content of the message in order to attend your comments, requests, suggestions, etc. Additionally, we may process this data for statistical studies through pseudonymization and even anonymization techniques, such as data aggregation, preventing this subsequent processing from identifying Users individually | Express Consent. / In certain circumstances, we may process your data to comply with a legal or regulatory obligation to which we are subject | |
| CV professional data: When you contact Us sending your personal data and experience contact form, email or similar communication means, we will collect the following information: name, surname, email address, the content of the User message and the attached CV file in order to attend your request | Express consent | Knowing your professional skills in order to match them with vacant positions. |
| Newsletter: When subscribing to our newsletter We collect your email address. | Express consent | Keep you up to date with our product and service offerings including our community activities, and to send you information, offers, promotions or commercial communications in general, relating to our activities, products and services. |
3. DATA PROCESSED USING OUR APP SERVICES
For all our Apps, we collect the following data as Data Controller on registration:
| Data collected | Legitimate basis | Purpose |
|---|---|---|
| Registration Data: on registering for the APP Services, we will collect the following personal data about you: name, surname, email address and telephone. This data is mandatory and if it is not provided, your account (the “Account”) cannot be created | Performing our contract with you (that is, our License Agreement) to provide you with our Service, or to take steps at your request before entering into such a contract. |
|
| We have a legitimate interest to process your Registration Data for our business, in conducting and managing our business to give you the best service/product and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest, and we do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). | The data we collect are also used to measure and improve the Service and its functionality and to provide customer service, send email notifications | |
| Comply with a legal or regulatory obligation: we may process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to. | For granting compliance with the Terms, the applicable laws, and other legal obligation we are subject to. | |
| Legitimate interest for sending own marketing communications to you via email or text message. | Sending newsletters, or communications, in general, about the Services, products and novelties, and product offers, or promotions offered by Us. | |
| Payment Data. Our payment providers collect certain payment data which is processed according to their terms and privacy policy which is provided to you during the payment process.
| Performing our contract with you (that is, our License Agreement) to provide you with our Service, or to take steps at your request before entering into such a contract. |
|
| Comply with a legal or regulatory obligation: we may process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to | For granting compliance with the Terms, the applicable laws, and other legal obligation we are subject to. | |
| Navigation Data. When you use our APP, we automatically receive device ID, location, IP, device description, connection code, screen use, connections with other device and user accounts, and device configuration. We use this information to analyze overall trends and to help improve the service. This information is not shared with third parties without your permission.
| Legitimate Interest for our business, in conducting and managing our business to give you the best service/product and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest, and we do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). | Improve our Service and the User experience. |
When you use the Apps, we may also process personal data for which you are responsible as Data Controller, (i.e. we acting as Data Processor). In this case, our Annex I Data Processing Agreement attached hereto applies.
4. DISCLOSURE
We process your personal data confidentially in accordance with the applicable legislation. Unless stated otherwise, your personal data will not be provided to third parties. Specifically, we disclose your data as follows:
- We can give access to your personal data to our service providers under contracts for the provision of services in favor of the Company.
– Database maintenance and newsletter subscription management service providers.
– Analytics service providers.
– Hosting service providers.
– Email service providers.
– Consent management platform providers.
We require that all third parties respect the security of your personal data and treat them in accordance with the law. We do not allow our external service providers to use your personal data for their own purposes and we only allow them to process your personal data for specific purposes and in accordance with our instructions.
- We can make the personal data available to any third party interested in buying or buying IM PROJECTS, SL, or a part of the business and, consequently, give access to any national or international auditors to carry out their “due diligence”.
- We can make the data available to the authorities to investigate suspicions of fraud, harassment or other violations of any law, rule or regulation, or the policies of the website.
5. INTERNATIONAL TRANSFERS (THIRD PARTY SERVICE PROVIDERS)
We use third-party technology services for providing our Website, contacting you and providing services. These entities may be located in jurisdictions that generally do not provide adequate safeguards in relation to the processing of personal data. For all entities that are not part of the European Economic Area (EEA), we have signed contracts with those entities that do include such safeguards, including the European Commission’s model clauses.
You can contact us to consult or obtain copies of these agreements.
6. DATA RETENTION
We only keep your personal data for as long as it is necessary to fulfil the purposes for which we have collected them, even to comply with legal, accounting or information requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, if we can achieve those purposes through other means and the applicable legal requirements.
7. SECURITY MEASURES
We implement security measures and personal data protection schemes as required by law to maintain the confidentiality and integrity of your data and protection against unauthorized access, modification, or destruction. These measures are in accordance with the guidelines set by the National Data Protection Commissioners.
8. YOUR RIGHTS
You have rights under data protection laws in relation to your personal data. Specifically, you have the right to access, correct, request erasure, object to processing, request portability and restrict processing and for any processing that is based on your consent, you may withdraw that consent. These rights may be effective by contacting us at privacy@im-projects.com
You also have the right to make any complaint to the competent authority, in this case the Spanish Data Protection Agency (AEPD), C/. Jorge Juan, 6, 28001 Madrid, Spain, but please contact us first.
9. COMMERCIAL COMMUNICATIONS
When subscribing to our newsletter or as an IM APP user, you will receive electronic commercial communications in accordance with applicable law, including alerts, notifications, newsletters, offers and promotions about the IM PROJECTS Services. If you do not wish to receive information related to the IM PROJECTS Services, you may unsubscribe from any of our “Unsubscribe” communications or let us know by sending a notification to privacy@im-projects.com.
10. GENERAL
Accuracy. It is important that the personal data we hold about you is accurate and current. You are responsible for the accuracy of the information you provide to us, and you are expected to update any information you provide us with.
Prohibited data: In all events, it is forbidden to submit to us or upload any data that contains sensitive personal data that is related to identifiable persons such as: your and/or a third party’s racial origin, membership of a trade union, religion, ideology, or sexual life; your and/or a third party’s health; or your and/or a third party’s commission of criminal offences or involvement in criminal proceedings, and associated penalties or fines.
Changes. We reserve the right to amend the terms of this Privacy Policy and will notify you by providing a clear notice of these changes by email or on our website, and in this Privacy Policy. If you continue to use and/or access our Website after such update, you will be deemed to accept the new terms. If you do not accept the update, please notify us and we will terminate any account you may have with us and remove any of your personal data (except as required to be maintained for legal purposes), and you will not be able to continue to use services to which you have subscribed.
Applicable law. Unless a specific local regulation sets forth to the contrary, the Privacy Policy is governed by the laws of Spain.
ANNEX I: IM Projects data processing agreement
Introduction
When you use our Apps, IM PROJECTS processes certain data (“Application Data”) as a Data Processor on your instructions as Data Controller. We are providing you with a commercial service and therefore our processing of data on your behalf is governed by these terms. Hereinafter referred to individually as the “Party” and collectively as the “Parties”.
1. OBJECT, NATURE AND PURPOSE OF THE PROCESSING
Purpose of the processing: Providing App Services to the User. In order to provide application services, it is necessary to access “Application Data” shared by you as Data Controller. We, as Data Processor, will only access for providing App services and will not carry out other processing of personal data beyond this.
Duty to inform the data subject of the processing: this shall be the sole responsibility of you as Data Controller.
2. TYPE OF PERSONAL DATA AND CATEGORY OF DATA SUBJECTS
Type of personal data to which Data Processor will have access: E-mail, address, phone, contact person.
Categories of interested parties: Suppliers, Clients .
Authorized processing operations: Access to personal data on the server where the database of e-mails is stored, and its subsequent consultation, organization, structuring, preservation, reproduction, limitation, deletion or destruction, depending on what is necessary for the provision of Appt Services and the instructions of the “Data Controller”.
3. TERM
The period of validity of this processing is the term of use of the Apps.
4. COMPLIANCE WITH DATA PROTECTION LAWS
Each Party will comply with all applicable laws relating to privacy and data protection, including (without limitation) the EU Data Protection Directive (95/46/EC) by May 25, 2018, as implemented in each jurisdiction, the EU General Data Protection Regulation ( 2016/679) as of May 25, 2018, the EU Privacy and Electronic Communications Directive (2002/58 / EC) as implemented in each jurisdiction, and any modifications or amendments to legislation from time to time (collectively and individually, “Data Protection Laws ). “).
5. RIGHTS AND RESPONSIBILITIES OF THE USER AS DATA CONTROLLER
As required by applicable law, you, as App User and Data Controller, shall:
a) Inform and obtain all necessary consent from 3rd parties for the processing of their personal data.
b) Implement appropriate technical and organizational measures to ensure and demonstrate that the processing is carried out in accordance with applicable law.
c) Respond to Data Subjects legal rights under applicable law regarding the protection of personal data and comply with the provisions set out in clause 6.
6. RIGHTS AND RESPONSIBILITIES OF IM PROJECTS AS DATA PROCESSOR
As set forth in applicable laws and regulations, IM PROJECTS shall
a) Process Application Data only on the basis of documented instructions from the User, including transfers of Application Data to a third country or international organization, unless otherwise provided for under applicable Union or Member State law; in such a case, IM PROJECTS will inform you as User of the App of this legal requirement prior to processing, unless prohibited by law or in the public interest.
b) Ensure that persons authorized to process Application Data have undertaken to respect confidentiality or are subject to a legal obligation of confidentiality.
c) Adopt all appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the processing.
d) Respect the conditions for using another Data Processor, as established by current legislation on the protection of personal data.
e) To assist the User, considering the nature of the processing, by appropriate technical and organizational measures, where possible, to enable the User to fulfil its obligation to respond to requests to exercise the rights of data subjects.
f) To assist the User in ensuring that the User complies with its obligations, considering the nature of the processing and the information available to IM PROJECTS.
g) At the User’s option, destroy or return all personal data as soon as the processing services are completed and destroy any existing copies, unless the retention of personal data is required by applicable Union or Member State law.
h) To provide the User with all information necessary to demonstrate compliance with the obligations set forth herein, as well as to allow and contribute to the performance of audits, including inspections, by the Data Controller or other auditors authorized by the User.
i) Process the Application Data made available to IM PROJECTS to ensure that the responsible personnel follow User’s instructions.
j) Ensure that the designated Data Protection Officer (if applicable) or, in his or her absence, the Privacy Officer is involved in an appropriate and timely manner in all matters relating to the protection of Application Data.
k) Adhere to a Code of Conduct approved by the European Commission or other competent authority.
l) Keep a record of processing activities in the case of processing of personal data which may pose a risk to the rights and freedoms of the data subject and/or on a non-occasional basis, or which involve the processing of special categories of data and/or data relating to convictions and offences.
m) Respond to the legal rights established by applicable law and comply with the stipulations indicated in clause 7.
7. EXERCISE OF RIGHTS BY DATA SUBJECTS
If the Data Subjects respond to a request or exercise any of the rights set out in the General Data Protection Regulation, the User shall provide the requested information and take the necessary actions without delay and at the latest within one month of receipt of the request, which may be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. IM PROJECTS will provide assistance.
Furthermore, in the event that the User does not proceed with the request, it shall inform the latter without delay, and within a maximum of one month after receiving the request, shall provide Data Subjects with the reasons why it did not act and inform them of its right to lodge a complaint with a competent authority and to lodge a judicial appeal. The response to the request must be in the same format used by the data subject, unless otherwise requested by the data subject.
8. OUTSOURCING
IM PROJECTS may subcontract its obligations and/or disclose Application Data to third party service providers without further authorization from the User. For this purpose, the User expressly agrees that IM PROJECTS may subcontract with the category of sub processors mentioned in clause 4 of the Privacy Policy “DISCLOSURE”. IM PROJECTS will establish a list of subcontractors, and additional or replacement sub-processors will be notified to the User as Data Controller. Data Subjects may request a list of sub processors at any time from privacy@im-projects.com.
9. INTERNATIONAL TRANSFER OF DATA
International transfers of Application Data may only be carried out if they comply with the requirements of applicable national or EU laws and regulations. IM PROJECTS uses third party technology services for the provision of Services, whose providers may process Application Data collected in the course of providing theirs, as sub-processors. These entities may be located in jurisdictions that generally do not provide adequate safeguards with respect to the processing of personal data. However, we enter into contracts with these entities that include such safeguards, including Standard Contractual Clauses approved by the European Commission. For more information, please contact privacy@im-projects.com.
10. BREACH OF PERSONAL DATA SECURITY
To the extent that there is an instruction from a competent supervisory authority, a development of national legislation or a delegated act, in the event of a breach of security of personal data, the User or IM PROJECTS, shall notify the competent supervisory authority of such breach without undue delay and, if possible, no later than seventy-two (72) hours after the event.
11. TERMINATION AND EXPIRATION
In the event of termination or expiration of the contractual relationship between the User and IM PROJECTS, IM PROJECTS will not retain the Application Data , unless it is legally required or desirable to do so. Otherwise, in the event of termination, resolution or expiry, or when it is no longer legally obliged to retain the data, IM PROJECTS will destroy or return to the User all personal data and any copies thereof, as well as any media or other documents containing personal data. This is without prejudice to IM PROJECTS’s right to continue to process the Application Data when IM PROJECTS processes such data or for the defense of its legal interests.